There are two issues when compiling on AIX systems that can be worked around using the proper configure command lines.
One problem involves the less than optimal default shared object search
path that the IBM linker inserts into executables. The second problem is
compilaton failure stemming from an incompatibility with the
<string.h> header file when the IBM compiler attempts to
inline some string functions.
If you are using the IBM xlc/cc compiler with the IBM ld linker:
% env CC=cc \ CPPFLAGS='-U__STR__' \ LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ...If you are using the GNU gcc compiler with the IBM ld linker:
% env CC=gcc \ LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ...If you are using the GNU gcc compiler with the GNU ld linker, something like this ought to work (untested):
% env CC=gcc \ LDFLAGS='-Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib' \ ./configure ...
Note that the library paths shown here are for example use only. You may need to use different paths on your system, particularly when linking with any optional libraries (e.g. krb5, ldap, mysql, etc.).
Linking with the IBM or GNU linker
There is a potential security problem when using the IBM linker. Unlike other Unix systems, by default the IBM linker automatically will use the compile time library search path as the runtime shared library search path. The use of relative paths in the runtime library search path is an especially acute security problem for suid or sgid programs. This default behavior is documented, so it is not considered a bug by IBM. However, some suid programs that have shipped with AIX have included insecure library search paths and are vulnerable to privilege elevation exploits.
This may not be such a serious a security problem for ProFTPD, since it is not installed suid or sgid. Nonetheless, it is wise to configure the runtime shared library search path with a reasonable setting. For instance, consider potential problems from searching NFS mounted directories.
An existing AIX executable's library search path can be displayed:
% dump -H progname
The runtime library search patch should be specified explicitly at build time using the -blibpath option:
% cc -blibpath:/usr/lib:/lib:/usr/local/lib % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib
See the ld documentation, not just that of xlc/cc, for further information
on the IBM linker flags. Alternatively, an insecure library search path
can be avoided using
-bnolibpath, which causes the default path
to be used (either the value of the
LIBPATH environment variable,
if defined, or
/usr/lib:/lib, if not).
It has been reported that at least some versions of GNU ld (e.g. 2.9.1)
have emulated this default linking behavior on AIX platforms. However,
GNU ld uses
-rpath to set the runtime library search path,
rather than the IBM ld
-blibpath or the Sun ld
% gcc -Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib
Again, consult the GNU ld documentation for further information. Note that using the gcc compiler does not imply that it uses the GNU ld linker. In fact, it is more common to use the IBM system linker.
The upshot of all this is that you should tell configure what to use
for the runtime shared library search path. This can be done by setting
LDFLAGS on the configure command line, possibly like this:
% env CC=cc LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ... % env CC=gcc LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ ./configure ...
where the "-l" options refer to shared libraries, which can be determined from the output of:
% dump -Hv progname
which displays shared library information. A basic proftpd executable probably will not require any "-l" options at all.
Compiling with the IBM
There is a problem with the
<cstring.h>. Apparently, these are used as part
of an attempt to inline string functions when the
preprocessor macro is defined. Conflicts with these definitions will cause
The work-around is to undefine the
__STR__ C preprocessor macro,
which is predefined by the IBM compiler. This can be done on the configure
command line by adding
'-U__STR__' to the
% env CC=cc CPPFLAGS='-U__STR__' ./configure ...